πŸ•Ί
πŸ•Ί
πŸ•Ί
πŸ•Ί
CheatSheets
Search…
Introduction
Getting Started With Hacking
VMs on Mac
Windows
Enumeration
Local Privilege Escalation
UAC Bypasses
Persistance
Networking
Active Directory
Offensive Powershell
Enumeration
Lateral Movement
Escalation
Persistance
Mimikatz
Alternate Cred Dumps
MSSQL
Defences and Bypasses
Setting Up a Lab
Red Teaming
Phishing Payloads
Cobalt Strike
Metasploit
Linux
Networking
Enumeration
Local Privilege Escalation
Persistance
MySQL
Mainframes
HP Nonstop
IBM z/OS
Cloud
AWS
GCP
Azure
Web App
Tomcat
SQLMap
PHP
Mobile
Android
iOS
Exploit-Dev
Linux
Shellcode
Windows
WiFi
Alfa AWUS036ACH Setup
Aircrack-ng
Powered By GitBook
Networking

Port Scanning

Powershell Ping Sweep

1
1..20 | % {"192.168.1.$($_): $(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}
Copied!

Powershell Testing ports

1
Test-NetConnection -computername UFC-WEBPROD -Port 80
Copied!

Port Forwarding

1
# Listen address is local ip of machine that will be proxy, connect address is target
2
netsh interface portproxy add v4tov4 listenaddress=192.168.250.10 listenport=443 connectaddress=192.168.250.22 connectport=443
Copied!

Firewalls

Listing Rules

1
netsh firewall show opmode
Copied!

Disabling Firewall

1
netsh firewall set opmode mode=disable
Copied!

Allowing Rule

1
​
Copied!

Enabling PsRemoting (WinRM)

1
​
Copied!

Enabling CredSSP

1
​
Copied!

Hyper-V

Listing VMs

1
Get-VM
Copied!

Get Info on Running VMs

1
# Show properties
2
get-vm -name vault-db |format-list *
3
​
4
# Get IP
5
get-vm -Name vault-db | Select -ExpandProperty Networkadapters
Copied!

Manage VMs

1
# Pass creds as object
2
$username = "<domain>\<username>"
3
$password = ConvertTo-SecureString "<password>" -AsPlainText -Force
4
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)
5
​
6
# Invoke Command on a VM using creds
7
invoke-command -vmname <vmname> -credential $cred -scriptblock {whoami}
8
​
9
# Enter-PSSession
10
Enter-PSSession -VMName <vmname> -Credential $cred
Copied!

Mounting VM Disk Image

1
# Stop VM
2
Stop-VM -Name vault-dc
3
​
4
# Mount VM and list partition
5
Mount-VHD -Path 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\vault-dc.vhdx' -PassThru | Get-Disk | Get-Partition | Get-Volume
6
​
7
# Show drives
8
Get-PSDrive
Copied!

SMB Null Session

1
enum4linux -n <IP>
2
enum4linux -a <IP>
3
​
4
# connect with smbclient and list shares
5
smbclient -L WORKGROUP -I <IP> -N -U ""
6
​
7
# Connect to shares
8
smbclient \\\\<IP>\\<SHARE> -N
9
​
10
# download
11
get <FILE>
12
​
13
# Upload
14
put <FILE>
Copied!
Windows - Previous
Persistance
Next - Active Directory
Offensive Powershell
Last modified 11mo ago
Copy link
Contents
Port Scanning
Port Forwarding
Firewalls
Enabling PsRemoting (WinRM)
Enabling CredSSP
Hyper-V
SMB Null Session